aws-eks v1.4.0 cluster creation with 'aws eks update-kubeconfig'

[pahud]

Note: for support questions, please first reference our documentation, then use Stackoverflow. This repository's issues are intended for feature requests and bug reports.

• I'm submitting a ...

  • 🪲 bug report
  • 🚀 feature request
  • 📚 construct library gap
  • ☎️ security issue or vulnerability => Please see policy
  • ❓ support request => Please see note at the top of this template.

• What is the current behavior?
  If the current behavior is a 🪲bug🪲: Please provide the steps to reproduce

In current README, the aws eks update-kubeconfig without specifying --role-arn will fail. We still need to specify the clusterAdmin IAM role ARN as --role-arn here,.

• What is the expected behavior (or behavior of feature suggested)?

aws eks update-kubeconfig succefully executed.

• What is the motivation / use case for changing the behavior or adding this feature?

To enhance the user experience.

Please check my sample:

export class CdkStack extends cdk.Stack {
  constructor(scope: cdk.Construct, id: string, props?: cdk.StackProps) {
    super(scope, id, props);

    // first define the role
    const clusterAdmin = new iam.Role(this, 'AdminRole', {
      assumedBy: new iam.AccountRootPrincipal()
    });

    // eks cluster with nodegroup of 2x m5.large instances in dedicated vpc with default configuratrion
    const cluster = new eks.Cluster(this, 'hello-eks', {
      clusterName: 'cdk-eks',
      mastersRole: clusterAdmin
    });

    // output the clusterAdmin role arn
    new cdk.CfnOutput(this, 'clusterAdminRoleArn', {
      value: clusterAdmin.roleArn
    })
  }
}

please note I add clusterAdmin.roleArn in the Outputs.

And I got outputs like this

Outputs:
CdkEksStack.clusterAdminRoleArn = arn:aws:iam::903779448426:role/CdkEksStack-AdminRole38563C57-LKOPLK0P9GVJ
CdkEksStack.helloeksDefaultCapacityInstanceRoleARN57400C70 = arn:aws:iam::903779448426:role/CdkEksStack-helloeksDefaultCapacityInstanceRole4DA-1TA4SC2WWC9H1
CdkEksStack.helloeksClusterName12358BC8 = cdk-eks

So I can copy the value of CdkEksStack.clusterAdminRoleArn from above and run:

aws eks update-kubeconfig --name cdk-eks --role-arn arn:aws:iam::903779448426:role/CdkEksStack-AdminRole38563C57-LKOPLK0P9GVJ

this will be successfully executed with no error and I can immediately kubectl with my cluster like this

kubectl get no                                                                    
NAME                                         STATUS   ROLES    AGE     VERSION
ip-10-0-150-198.us-west-2.compute.internal   Ready    <none>   6m57s   v1.13.7-eks-c57ff8
ip-10-0-190-37.us-west-2.compute.internal    Ready    <none>   7m3s    v1.13.7-eks-c57ff8

• Please tell us about your environment:

  • CDK CLI Version: 1.4.0 (build 175471f)
  • Module Version: 1.4.0
  • OS: OSX Mojave
  • Language: TypeScript

• Other information (e.g. detailed explanation, stacktraces, related issues, suggestions how to fix, links for us to have context, eg. associated pull-request, stackoverflow, gitter, etc)

[eladb]

Accidentally committed to master and reverted. Sorry!